Author Archives Allen Baird

It is vital that security measures, including web application security scanning, play an early role in the software development life cycle. This article summarizes a podcast discussion in which Netsparker CEO Ferruh Mavituna talks about the place of security testing in the SDLC and how companies can achieve this integration with maximum success. Read More

This blog post summarizes a security talk given by CEO, Ferruh Mavituna, about scaling-up and automating web application security. Ferruh discusses the stages of vulnerability detection, website and vulnerability categories, the benefits and limits of automation, pre and post-scan challenges to automation, and the elimination of false positives. Read More

Enis Hulli from Glocal interviews Netsparker CEO Ferruh Mavituna on what inspired him to start Netsparker, and the key points in Netsparker’s development from startup to market leader. Ferruh plots Netsparker’s target market, biggest competitors, current traction and future prospects. They also examine current security needs of tech companies. Read More

Netsparker CEO Ferruh Mavituna is interviewed on Business Security Weekly about the importance of an asset discovery service. He discusses the need for a multi-layered approach, the place of discovery in the SDLC, the use of Netsparker as a pre-purchase software check, the importance of visibility and accountability, and the need for automation. Read More

Netsparker security researcher Sven Morgenroth was interviewed on Application Security Weekly #60 to discuss how to build applications that are secure by default, so that some of the most common vulnerabilities are automatically avoided. Read More

Ferruh Mavituna is interviewed about Netsparker by Help Net Security. The interview focuses on how Netsparker accurately identifies web application vulnerabilities without false positives using its unique Proof-Based technology, prioritizes fixes, prevents bottlenecks in development, discovers services, and deals with the growing problem of scalability. Read More

In episode #584 of Paul's Security Weekly, Sven Morgenroth, a Netsparker security researcher, discusses PHP Object injection vulnerabilities and explains the dangers of PHP's unserialize function. Sven provides background on PHP Objects, demos how to write an exploit for a PHP Object Injection vulnerability, and explains how to prevent them. Read More

At the end of 2018, PHP will stop security updates and support for some of its previous versions. This will expose hundreds of millions of websites to serious risk in terms of sites hacked, user details stolen, and massive fines. You need to update, and use systems that allow you to deploy only new versions of PHP by default. Read More